Topic: This message was too old and has been purged (Read 5036 times)

sr. member
Activity: 430
Merit: 250
I'm confused. Even if this is true, what does modifying the message (the message hash, in fact) have to do with transaction malleability? If you change the script to be signed in the transaction that transaction will have a different tx hash anyway, even if the same signature is valid, not to mention even if you were able to construct such message hash you still can't figure out the message as long as the hash function is secure.
hero member
Activity: 793
Merit: 1026
Now we can create a modified message, which will lead in the same signature WITHOUT KNOWING THE PRIVATE KEY!
Although this signature is the same it will (in this example) not get verified correctly. But with some "formula bingo" you can create a different signature which WILL validate.

I need some time on this to fully get an "out of the box runnable" proof of concept. But it really discourages people, when there are some guys who give you bad ratings. In fact I will only continue working on this, when the User who rated me bad for this topic, removes his rating.

Put up or shut up.  There are plenty of messages in this thread.  If you can do what you say, prove it.  Otherwise GTFO.
legendary
Activity: 1988
Merit: 1077
Honey badger just does not care
Take the following python example program.

A question for Evil-Knievel: What is this function from the python example supposed to do:
Code:
  def halve( self ):

Guessing it is the opposite of 'double', in an attempt to create EC point divide. This looks rather naive, how are you going to solve the problem of finding the X mod Y = Z if you only have Y and Z? It's impossible.

Point halving is trivial, it is just multiplying by the "multiplicative inverse to the modulo group order of G of 2".

I know that it's trivial, but even that "trivial" is not in the code, there is a copy/paste code from the 'double' method.

That was not my question, question was what's the use of the 'halve' method at all? Hypothetical point divide?
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
legendary
Activity: 1988
Merit: 1077
Honey badger just does not care
Take the following python example program.

A question for Evil-Knievel: What is this function from the python example supposed to do:
Code:
  def halve( self ):

Guessing it is the opposite of 'double', in an attempt to create EC point divide. This looks rather naive, how are you going to solve the problem of finding the X mod Y = Z if you only have Y and Z? It's impossible.
kjj
legendary
Activity: 1302
Merit: 1026
Code:
  k = 908        #random k

 Huh

Well, whenever you sign a message/transaction/block you have to pick some random k value. If you ever pick k twice the same, people can recover your private key, so you are advised to pick it completely randomly. In this example k was picked to be 908.

Yeah, I'm fully aware of the meaning of k and why you need to pick it at random.  My concern is that you are setting yourself up for a repeat.  Do you remember that time when you wrote a shitty not-so-random key generator, and then wrote a program that "found" your shitty weak keys?

If you use a shitty not-so-random k generator, and then you exploit your shitty ks, no one gives a fuck because you are exploiting your own lousy programming, not the software people are using, and not the math it is based on.

I could be wrong about that, of course.  Your latest scam might not depend on using shitty k values.  It is also entirely possible that you don't understand that message signing is done on hashes instead of integers.  Or, you may have "discovered" the property of key-recovery that gmaxwell mentioned earlier.
legendary
Activity: 1680
Merit: 1001
CEO Bitpanda.com
I am actually looking forward to this.
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
kjj
legendary
Activity: 1302
Merit: 1026
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
sr. member
Activity: 392
Merit: 250
Hi Serpens! I will be doing a demonstration soon, the problem is that we have 3 am at night over here and I am a bit tired.
Almost three days later after the original post, should someone call emergency response to wake Mr. Kinevel from his slumber?

funny, I just asked him if he's willing to give a brief statement over here. But he played the stalling tactics card, says he's too disappointed...sniff. There's nothing left to believe in him. Guess you were right about him right from the beginning. Just another thickhead wasted his five minutes of fame, case closed.

And I took my time to sign a message. Never really thought it would come to something - but sometimes you never know. Maths is amazing but clearly not for this chap.

Sorry guys, I was in the NXT thread. There, people also laughed at me when I tried to talk about a potential issue a few weeks ago, now I collected a 100,000 NXT bounty for identifying the bug.

I will be back shortly, to finish up this demonstration here.

The potential issue you brought up some days ago and the "bug" you found are two different things.

-You claimed it was possible to fund an NXT account with unlimited funds, and you didn't prove that at all.
-The bug you discovered was an injected flaw by the NXT dev to make sure people audit the source code. You got it, congrats for the 100k bounty.
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
hero member
Activity: 574
Merit: 500
Hi Serpens! I will be doing a demonstration soon, the problem is that we have 3 am at night over here and I am a bit tired.
Almost three days later after the original post, should someone call emergency response to wake Mr. Kinevel from his slumber?

funny, I just asked him if he's willing to give a brief statement over here. But he played the stalling tactics card, says he's too disappointed...sniff. There's nothing left to believe in him. Guess you were right about him right from the beginning. Just another thickhead wasted his five minutes of fame, case closed.

And I took my time to sign a message. Never really thought it would come to something - but sometimes you never know. Maths is amazing but clearly not for this chap.
donator
Activity: 477
Merit: 250
Hi Serpens! I will be doing a demonstration soon, the problem is that we have 3 am at night over here and I am a bit tired.
Almost three days later after the original post, should someone call emergency response to wake Mr. Kinevel from his slumber?

funny, I just asked him if he's willing to give a brief statement over here. But he played the stalling tactics card, says he's too disappointed...sniff. There's nothing left to believe in him. Guess you were right about him right from the beginning. Just another thickhead wasted his five minutes of fame, case closed.
staff
Activity: 4326
Merit: 8951
Hi Serpens! I will be doing a demonstration soon, the problem is that we have 3 am at night over here and I am a bit tired.
Almost three days later after the original post, should someone call emergency response to wake Mr. Kinevel from his slumber?
hero member
Activity: 793
Merit: 1026
I have just gotten a negative trust rating from gmaxwell, just because I wanted to discuss some potential security issues with you guys? What kind of community is this, please? Do you get a negative rating if you talk about your concerns? Is it better to shut up completely, even if sometimes a false alarm might be sent off?

--------

Quote from: Message
No, you got a bad trust rating because you continually cry wolf without any evidence to back up your claims. You said you could provide valid sigs for posted messages as an example of the flaw you found.  There are numerous signed messages posted in this thread.  Put up or shut up.

Quote from: Sig
IDHNVL6lJx04wYMjBU5yJG5OcGUUiRpRWYyzgyrySufLDOFYaIIbnFtSCyz3q6mT9iqXOjWtqStXwUF 5PvjewBo=

Quote from: Address
1D4LM66YwaoqcfHF1366pqvxvxHxvq66EZ

member
Activity: 114
Merit: 12
You got a negative trust rating because you've hyped bogus and deceptive security claims multiple times and tried to charge people for exploit tools that didn't. But hey, you could still collect on that 50 BTC bounty I offered you for your last set of claims, and I'll even remove the negative trust to boot.

He also claims to have found a flaw in Nxt and wanted money before he writes the code to exploit it.

https://bitcointalksearch.org/topic/m.5663483

The balls on this guy. 

Why isn't this thread locked yet? Hilarity?
donator
Activity: 477
Merit: 250
This shitty community eagerly awaits your proof. You're in danger of getting blamed for what you criticized us.

You got a negative trust rating because you've hyped bogus and deceptive security claims multiple times and tried to charge people for exploit tools that didn't. But hey, you could still collect on that 50 BTC bounty I offered you for your last set of claims, and I'll even remove the negative trust to boot.

What you do not seem to understand at all, is that these claims I make are not bogus. Just because you cannot understand them, this doesn't mean they are not present.
I cannot judge to what degree this is a potential threat, what I can say is that all I am saying is 100% right.

You seem to be a very arrogant person, who blames anyone who has contrary opinions to you. Not sure why you are this way, but this discourages people from helping to audit the bitcoin code at all (even if they are wrong sometimes).

If all bitcoin-qt developers are as ignorant and arrogant as you are, I am not surprised why the transaction malleability was ignored for such a long time causing users to lose over 800000 BTC. Maybe you just ignored it because you felt that all "code auditors" were just spreading FUD and should therefore just shut the fuck up. I mean this issue was known for a long time, wasn't it?

I understand that you might have some problem accepting people thinking differently than you do, but don't you think that you have some kind of responsibility (to the users) to listen to everyone and (more importantly) be thankful to anyone trying to help, instead of seeing you as the king and looking down on everyone else?



edit
What does SHA256 have to do with this? This is curve related (secp256k1)

the cryptographic tenderfoots thank Eadeqa for pointing out this difference technologique
legendary
Activity: 2772
Merit: 1277
But I would prove it to you anyway. Just sign some text and post it along with a signature. Maybe the significance will become clear then.

There are a few signatures in this thread so where's the beef?
hero member
Activity: 644
Merit: 500
So what's up? Do we have devcon 1 or is this just an alarm drill?

It is possible I think but would take some kind of genius inspiration to break the encryption algorithm. I remember there was some Chinese girl who did (then didn't yeah right) break the sha256 algorithm... still waiting for his asics to crunch the numbers...

This means if his Asperger turns out misunderstood genius, sha256 is basically broken? Is there a way we can "easily" follow/confirm his claim?

Well if he posts a message that I can verify as signed by me - then yeah shit hits the fan. Probability is low though but you can't rule out a mule (isaac asimov Smiley )

[edit] and then we would need to know how he did it... yeah

[edit2] even if he did manage to post a message that I could verify as signed by me - it's more likely to be a 'feature' in bitcoin qt 0.8.6 rather than a crack for sha256...

What does SHA256 have to do with this? This is curve related (secp256k1)
hero member
Activity: 574
Merit: 500
But I would prove it to you anyway. Just sign some text and post it along with a signature. Maybe the significance will become clear then.

Ok, I'm mathematically minded - what do you want me to do exactly - please post clear reproducible instructions and I'll give it a go...

Just sign a message with a btc address, and post message + signature + public key (the "address") - just as Automatic did.

sig : Hzkosd/No+cUbW8WvUdJvgCIV0F4xkPVKk2anyMp7NPedJkcmg/VD8BrAgGGuaP52tlsCv/csnAcpmTNDc3YH6A=

message : This is my Transaction Malleability Reloaded message

address : 1JuRLLT7YrtPKWooSPsuqgFU2EHSCN6Hdq

Any joy?
hero member
Activity: 535
Merit: 500
yup, he's a bitch
hero member
Activity: 644
Merit: 500
You got a negative trust rating because you've hyped bogus and deceptive security claims multiple times and tried to charge people for exploit tools that didn't. But hey, you could still collect on that 50 BTC bounty I offered you for your last set of claims, and I'll even remove the negative trust to boot.

He also claims to have found a flaw in Nxt and wanted money before he writes the code to exploit it.

https://bitcointalksearch.org/topic/m.5663483
member
Activity: 81
Merit: 10
Hi Serpens! I will be doing a demonstration soon, the problem is that we have 3 am at night over here and I am a bit tired.
But what I can say at least is, that such unprofessional people should never ever be part of a development team involved in a multi-billion-dollar-project.
This guy sounds like "if you say anything bad about bitcoin, i will give you a bad rating, mimimimi". I am sorry, but this is unprofessional.

I am really thinking about offering a donation of 50 BTC to the bitcoin foundation if they kick this guy out.

You shouldn't make your ulterior intentions so clear. Either man-up and prove the point in your OP or quit this holy crusade of yours.
sr. member
Activity: 434
Merit: 250
Malleability With security it is best move to solve problems.
legendary
Activity: 1148
Merit: 1018
This guy sounds like "if you say anything bad about bitcoin, i will give you a bad rating, mimimimi". I am sorry, but this is unprofessional.

The fact is that you tried to sell a useless program that simply did not work, while promoting it with fake arguments that could be explained only by a) a total lack of understanding of basic cryptography, or b) malice.

Now please prove you can generate multiple valid signatures for the messages + public keys posted above.
staff
Activity: 4326
Merit: 8951
Eight hours after the original post and not a single thing of substance has been said, just more FUD and whining like the prior incidents with this poster. Soon I suppose we'll see requests for payment.

Since he's asking for signmessages in particular, let me guess that if we get anything at all it'll be repetitions of the same signature and different messages with different public keys, which is exactly how it's supposed to work (every validly encoded signature is valid, which is why bitcoind's verify message functionality forces you to provide the expected address.)

E.g.

verifymessage '1NskFs6D7NYP9rpnaAVAdz7NhLLNkSjf1J' 'Gyk26Le4ER0EUvZiFGUCXhJKWVEoTtQNU449puYZPaiUmYyrcozt2LuAMgLvnEgpoF6cw8ob9Mj/CjP9ATydO1k=' '1'

verifymessage '17aiPTrsQtAHpRFvzxGoYiZ1m63ujDX43K' 'Gyk26Le4ER0EUvZiFGUCXhJKWVEoTtQNU449puYZPaiUmYyrcozt2LuAMgLvnEgpoF6cw8ob9Mj/CjP9ATydO1k=' '2'

verifymessage '1AY1MXXY6aPHW1Raj9QVjJprMo8BewMdB9' 'Gyk26Le4ER0EUvZiFGUCXhJKWVEoTtQNU449puYZPaiUmYyrcozt2LuAMgLvnEgpoF6cw8ob9Mj/CjP9ATydO1k=' '3'

Which is just a property of public key recovery and isn't interesting or related to Bitcoin transactions. Every possible signature, message pair is valid for some public-key.
legendary
Activity: 2674
Merit: 1029
Hi Serpens! I will be doing a demonstration soon, the problem is that we have 3 am at night over here and I am a bit tired.
But what I can say at least is, that such unprofessional people should never ever be part of a development team involved in a multi-billion-dollar-project.
This guy sounds like "if you say anything bad about bitcoin, i will give you a bad rating, mimimimi". I am sorry, but this is unprofessional.

I am really thinking about offering a donation of 50 BTC to the bitcoin foundation if they kick this guy out.

Dear EK, given the walls of text you are making, and the magnitude of your claim, you would be up 3 AM no worries setting out a brief proof....

You have had signed messages or so forth as you requested and only walls of text follow.

Do you see how this makes you harder to believe?

I'm not ruling anything out, it's just the story does not square at this time
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
legendary
Activity: 2968
Merit: 1133
I think you all should calm down. You all made mistakes by offending the other users.

So Evil-Knievel, please just prove the things you are saying.
Next time you maybe should start with the evidence =/
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
staff
Activity: 4326
Merit: 8951
You got a negative trust rating because you've hyped bogus and deceptive security claims multiple times and tried to charge people for exploit tools that didn't. But hey, you could still collect on that 50 BTC bounty I offered you for your last set of claims, and I'll even remove the negative trust to boot.
hero member
Activity: 535
Merit: 500
WHAT KIND OF COMMUNITY IS THIS???

I have just gotten a negative trust rating from gmaxwell, just because I wanted to discuss some potential security issues with you guys? What kind of community is this, please? Do you get a negative rating if you talk about your concerns? Is it better to shut up completely, even if sometimes a false alarm might be sent off?

How can this be? Don't you guys think this is unfair?

are you a bitch? because you act like a bitch.
hero member
Activity: 546
Merit: 500
I'm sure it'll be retracted pretty quickly if you do something with the signed messages above, as you requested Smiley
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
donator
Activity: 477
Merit: 250
Okay, it's highly unlikely that sha256 becomes broken near-term. But let's wait if he found a workaround on that signing procedure. In this case he would deserve some serious worship for publishing it here. Let us pray, let the unicorns fly!
hero member
Activity: 574
Merit: 500
So what's up? Do we have devcon 1 or is this just an alarm drill?

It is possible I think but would take some kind of genius inspiration to break the encryption algorithm. I remember there was some Chinese girl who did (then didn't yeah right) break the sha256 algorithm... still waiting for his asics to crunch the numbers...

This means if his Asperger turns out misunderstood genius, sha256 is basically broken? Is there a way we can "easily" follow/confirm his claim?

Well if he posts a message that I can verify as signed by me - then yeah shit hits the fan. Probability is low though but you can't rule out a mule (isaac asimov Smiley )

[edit] and then we would need to know how he did it... yeah

[edit2] even if he did manage to post a message that I could verify as signed by me - it's more likely to be a 'feature' in bitcoin qt 0.8.6 rather than a crack for sha256...
donator
Activity: 477
Merit: 250
So what's up? Do we have devcon 1 or is this just an alarm drill?

It is possible I think but would take some kind of genius inspiration to break the encryption algorithm. I remember there was some Chinese girl who did (then didn't yeah right) break the sha256 algorithm... still waiting for his asics to crunch the numbers...

This means if his Asperger turns out misunderstood genius, sha256 is basically broken? Is there a way we can "easily" follow/confirm his claim?
hero member
Activity: 574
Merit: 500
So what's up? Do we have devcon 1 or is this just an alarm drill?

It is possible I think but would take some kind of genius inspiration to break the encryption algorithm. I remember there was some Chinese girl who did (then didn't yeah right) break the sha256 algorithm... still waiting for his asics to crunch the numbers...
donator
Activity: 477
Merit: 250
So what's up? Do we have devcon 1 or is this just an alarm drill?

Hello Everyone!

It was hard to miss the recent implications of the transaction malleability issue, in which context for example nearly all MtGox funds were lost. Now the simple idea was to take the negative value of a part of the signature which also resulted in a valid signature (at least in the bitcoin implementation which falsely accepts this non-standard type of signatures).

I have probably found a way to resign "already signed" messages with perfectly correct signatures. Filtering for these typical "transaction malleability signatures" will therefore be not enough. Now the problem might be huge and not just solved by filtering out these "changed and non-standard signatures".

If you like we can discuss these issues here.
hero member
Activity: 574
Merit: 500
But I would prove it to you anyway. Just sign some text and post it along with a signature. Maybe the significance will become clear then.

Ok, I'm mathematically minded - what do you want me to do exactly - please post clear reproducible instructions and I'll give it a go...

Just sign a message with a btc address, and post message + signature + public key (the "address") - just as Automatic did.

sig : Hzkosd/No+cUbW8WvUdJvgCIV0F4xkPVKk2anyMp7NPedJkcmg/VD8BrAgGGuaP52tlsCv/csnAcpmTNDc3YH6A=

message : This is my Transaction Malleability Reloaded message

address : 1JuRLLT7YrtPKWooSPsuqgFU2EHSCN6Hdq
legendary
Activity: 1148
Merit: 1018
But I would prove it to you anyway. Just sign some text and post it along with a signature. Maybe the significance will become clear then.

Ok, I'm mathematically minded - what do you want me to do exactly - please post clear reproducible instructions and I'll give it a go...

Just sign a message with a btc address, and post message + signature + public key (the "address") - just as Automatic did.
hero member
Activity: 574
Merit: 500
But I would prove it to you anyway. Just sign some text and post it along with a signature. Maybe the significance will become clear then.

Ok, I'm mathematically minded - what do you want me to do exactly - please post clear reproducible instructions and I'll give it a go...
full member
Activity: 238
Merit: 109
going to need a little more than that from someone who's already raised questionable alarms before
You mean outright fraudulent alarms. You note even here he says "probably".

I call bullshit.

Even though I am a person who is willing to help in most cases, I have never expected such a "direct" response from the community.
And as the community seems not to honor my work, well - then I will just shut up about it at all.

I mean I could ask someone of you to post a text along with a signed signature from one of your wallets so I can generate dozens of other valid signatures for it, but I am not sure if this will change my mind at all.
I can demonstrate it if you want, but with this kind of response I will definitely not invest a single minute in explaining the complex mathematics behind it.




Unfortunately, my crypto ability is next to none, so, even if you do it, it'll mean nothing to me, but, I am interested in what you say:-
Code:
13SdzWe5JCASoyvXr4kAgGnB6n3PNPSSQe
Code:
This is my amazing note.
Code:
HMzLVDA8Nsf79Le1JHHqD7Uc0MXvCERLalWpJrqWe9KGDWhD38W41oDkeix92jP2RBCmMgkerkYkvZcu+Kmm8Zw=

Like I said though, my crypto knowledge is next to none, and, the same with my trust, so, it's really proving nothing (Even if what you say is valid), as, anyone looking in will just say "Hey, those two are working together"
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
full member
Activity: 176
Merit: 100
If you find any possible code issues with Bitcoin, it's best to bring it up to the Dev team. They might even reward you if it's serious enough, who knows.
member
Activity: 114
Merit: 12
going to need a little more than that from someone who's already raised questionable alarms before
You mean outright fraudulent alarms. You note even here he says "probably".

I call bullshit.  Real cryptanalysis is specific.

I'm from the midwest, sue me  Cool

Too nice.
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
staff
Activity: 4326
Merit: 8951
going to need a little more than that from someone who's already raised questionable alarms before
You mean outright fraudulent alarms. You note even here he says "probably".

I call bullshit.  Real cryptanalysis is specific.
legendary
Activity: 3066
Merit: 1147
The revolution will be monetized!
If you have discovered a new exploit you might want to send a description to the dev team. I'm sure your help would be appreciated.
member
Activity: 114
Merit: 12
going to need a little more than that from someone who's already raised questionable alarms before
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged